The Consumer Financial Protection Bureau (CFPB) ran for the fences this morning (October 22) when it issued the final Rule 1033 long-awaited regulation on personal data rights. As expected, this law will be a major step in opening up banking in the United States. But the law also reduced regulation of payment programs and left more room for credit unions and community banks to compete with large financial institutions.
The legislation, which implements Section 1033 of the Dodd-Frank Act, aims to give consumers greater control over their financial affairs and the ability to securely share them with third-party service providers. Under the new law, banks, credit unions and other financial institutions will be required to make consumer data available upon request to consumers and other authorized parties. This data includes information about transactions, fees, charges and usage of consumer checking accounts, credit cards and payment services.
The CFPB is much broader than expected, covering data in payment apps and digital wallets as well as bank accounts. “The providers of digital wallets have similar data that can provide full information about the consumer’s money,” reads part of the law. “Today, a digital wallet can initiate payments from multiple credit cards, prepaid accounts and checking accounts. A digital wallet can support payments from accounts that the digital wallet provider provides through depositors, or from linked accounts provided by institutions. others (sometimes called payments). This shows that the rule applies to digital wallets and payment programs that support payments from covered accounts. The document also says that digital wallet providers are generally considered data providers under the rule, even if they have just paid from the accounts. others.
The law also sets strict guidelines for third parties seeking access to consumer data. These organizations must obtain consumer consent, limit their data collection and use to the extent necessary to provide the services requested, and implement data protection measures. The law also prohibits the use of consumer data for marketing or sales purposes to third parties. It will require banks to create standardized APIs or other secure ways to share data, away from more secure features such as screen wiping. The law also prohibits corporations from charging data fines.
The CFPB has taken a regulatory approach, focusing first on deposit accounts, credit cards and payment services. Large financial institutions will need to comply first, with compliance dates ranging from 2026 to 2030 depending on asset size. In particular, depository institutions with assets of $850 million or less are not affected by the provisions of this law.
The final release of the Rule early in the morning has resulted in limited response during press time. Bank Policy Institute President and CEO Greg Baer released the following statement: “On first review, it appears that the CFPB’s final rule retains many of the flaws that plagued the rule. Banks have worked for years to establish secure ways to share customer data whenever a customer requests it. The rule The CFPB undermines this established policy, requiring banks to share financial data with others without adequate safeguards to protect that data from fraud, misuse and abuse.”
#CFPB #Includes #Payment #Software #Data #Providers #Final #Rule #PYMNTS.com